🔵Unpacthed Telegram Desktop Vulnerability - Api issue could allow attacker to disable notification for specific user:

https://dailycve.com/unpacthed-telegram-desktop-vulnerability-api-issue-could-allow-attacker-disable-notification

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Powerfull real hacking utilities :

Automatically collects basic recon
Automatically launches Google hacking queries against a target domain
Automatically enumerates open ports via NMap port scanning
Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
Automatically checks for sub-domain hijacking
Automatically runs targeted NMap scripts against open ports
Automatically runs targeted Metasploit scan and exploit modules
Automatically scans all web applications for common vulnerabilities
Automatically brute forces ALL open services
Automatically test for anonymous FTP access
Automatically runs WPScan, Arachni and Nikto for all web services
Automatically enumerates NFS shares
Automatically test for anonymous LDAP access
Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities
Automatically enumerate SNMP community strings, services and users
Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
Automatically tests for open X11 servers
Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
Performs high level enumeration of multiple hosts and subnets
Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
Automatically gathers screenshots of all web sites
Create individual workspaces to store all scan output
AUTO-PWN:
Apache Struts CVE-2018-11776 RCE exploit
Android Insecure ADB RCE auto exploit
Apache Tomcat CVE-2017-12617 RCE exploit
Oracle WebLogic WLS-WSAT Component Deserialisation RCE CVE-2017-10271 exploit
Drupal Drupalgedon2 RCE CVE-2018-7600
GPON Router RCE CVE-2018-10561
Apache Struts 2 RCE CVE-2017-5638
Apache Struts 2 RCE CVE-2017-9805
Apache Jakarta RCE CVE-2017-5638
Shellshock GNU Bash RCE CVE-2014-6271
HeartBleed OpenSSL Detection CVE-2014-0160
Default Apache Tomcat Creds CVE-2009-3843
MS Windows SMB RCE MS08-067
Webmin File Disclosure CVE-2006-3392
Anonymous FTP Access
PHPMyAdmin Backdoor RCE
PHPMyAdmin Auth Bypass
JBoss Java De-Serialization RCEs

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) Download https://github.com/telnet22/Kn0ck

2) -> knock.conf
CENSYS_APP_ID="REDACTED"
CENSYS_API_SECRET="REDACTED"


» KALI LINUX INSTALL:

chmod +x install.sh
./install.sh

» DEBIAN OR UBUNTU INSTALL:

chmod +x install_for_debian_ubuntu.sh

./install_for_debian_ubuntu.sh

[*] NORMAL MODE
knock -t <TARGET>

[*] NORMAL MODE + OSINT + RECON
knock -t <TARGET> | -o (Osint) | -re (Recon)

[*] STEALTH MODE + OSINT + RECON
knock -t <TARGET> | -m stealth | -o (Osint) | -re (Recon)

[*] DISCOVER MODE
knock -t <Target> | -m discover | -w <WORSPACE_ALIAS>

[*] SCAN ONLY SPECIFIC PORT
knock -t <TARGET> | -m port | -p <portnum>


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵MERCUSYS Mercury devices allow Directory Traversal :

https://dailycve.com/mercusys-mercury-devices-allow-directory-traversal

Horizon, the domestic artificial intelligence chip firm, announced the completion of the US$400 million C2 round.
#Technologies

Playtica, worth more than $10 billion on the way to Wall Street.
#Analytiques

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WPA 2 - WIFI HACKING PDFS:

http://webpages.eng.wayne.edu/~fy8421/16sp-csc5991/slides/lab7/wpa2-cracking-kolias.pdf

http://www.og150.com/assets/Wireless%20Pre-Shared%20Key%20Cracking%20WPA,%20WPA2.pdf

https://www.techscience.com/iasc/v25n1/39645/pdf

https://ijarse.com/images/fullpdf/1519302206_SVCET2084ijarse.pdf

https://owasp.org/www-chapter-dorset/assets/presentations/2020-01/OWASP-wlans.pdf

https://benjaminkiesl.github.io/publications/a_formal_analysis_of_ieees_wpa2_cremers_kiesl_medinger.pdf

https://alexandreborgesbrazil.files.wordpress.com/2014/02/cracking_wireless.pdf

http://www.iaea.org/inis/collection/NCLCollectionStore/_Public/46/130/46130069.pdf
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵Bug in discord api, causing a security issue :

https://dailycve.com/bug-discord-api-causing-security-issue

Don Brovskis, Vice President of the European: The European Union is still committed to settling the conflict with the United States over the levy on internet services.
#International

Amazon is setting up an affordable housing initiative but is not changing the job standards.
#International

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Parsing the / etc / shadow file :

1.Username: This is your login name.

2. Password: This is your encrypted password. The password must be at least 8-12 characters long, including special characters, numbers, lowercase letters, etc.

Usually the password format is $ id $ salt $ hashed. $ Id is an algorithm used in GNU / Linux as follows:

$1$ this is MD5
$2a$ this is Blowfish
$2y$ this is Blowfish
$5$ it's SHA-256
$6$ this is SHA-512
3. Last change of password (last change): days since January 1, 1970, when the password was last changed.

4. Minimum: The minimum number of days required to change the password, that is, the number of days remaining before the user is allowed to change their password.
5. Maximum: The maximum number of days the password is valid (after this user is forced to change his password)
6. Warning: The number of days before the password expires that the user is warned to change the password.
7. Inactivity: the number of days after the password expires that the account has been disabled.
8. Expiration Date: Days from January 1, 1970, when this account is disabled, that is, an absolute date indicating when the login can no longer be used.

How do I change my password?
Use the following syntax to change your own password:

$ passwd

See the passwd command man page for more information.
How can I change the password for another user?
You must be root to change the password for other users:
# passwd userNameHere
or
$ sudo passwd userNameHere
How do I change or set password expiration information?
To change the password expiration information for a user, use the chage command on Linux.
The syntax is as follows (again, you must be root to set the password again):
chage username
chage [options] username
chage itsecforu
chage -l tom
The following options are possible:
-d, --lastday LAST_DAY set date of last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-h, --help display this help message and exit
-I, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-l, --list show account aging information
-m, --mindays MIN_DAYS set minimum number of days before password
change to MIN_DAYS
-M, --maxdays MAX_DAYS set maximim number of days before password
change to MAX_DAYS
-R, --root CHROOT_DIR directory to chroot into
-W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵FasterXML jackson-databind code issue vulnerability:

https://dailycve.com/fasterxml-jackson-databind-code-issue-vulnerability

Protection in Artificial Intelligence: Extreme Fake and Post Reality.
#Technologies

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Go example code to modify the file name recursively:

package main

import (
"bufio"
"fmt"
"io/ioutil"
"log"
"os"
"strings"
)

var pathSeparator = string(os.PathSeparator)

/**
*/
func rename(path string, old string, new string) (err error) {
files, err := ioutil.ReadDir(path)
if err != nil {
return err
}
for _, fileInfo := range files {
if fileInfo.IsDir() {
err = rename(path+pathSeparator+fileInfo.Name(), old, new)
if err != nil {
return err
}
err = os.Rename(path+pathSeparator+fileInfo.Name(), path+pathSeparator+strings.Replace(fileInfo.Name(), old, new, -1))
if err != nil {
return err
}
} else {
err = os.Rename(path+pathSeparator+fileInfo.Name(), path+pathSeparator+strings.Replace(fileInfo.Name(), old, new, -1))
if err != nil {
return err
}
}
}
return err
}

func main() {


reader := bufio.NewReader(os.Stdin)
filePath, _ := reader.ReadString('\n')
filePath = strings.Replace(filePath, "\n", "", -1)

fmt.Print(：")
reader = bufio.NewReader(os.Stdin)
name, _ := reader.ReadString('\n')
name = strings.Replace(name, "\n", "", -1)

err := rename(filePath, name, "")
if err != nil {
log.Fatalf：%v\n", err)
}
err = os.Rename(filePath, strings.Replace(filePath, name, "", -1))
if err != nil {
log.Fatalf
}

fmt.Println("success")
}
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Hi all, https://Best.undercode.help :

In this blog we want to upload daily links about top rated apps/softwares and much more checkout the next message, and thanks.

Best 50 websites for watching movies for Free in 2021 :

https://best.undercode.help/best-50-websites-for-watch-movies-for-free-in-2021/

Valve officially released a Steam beta announcement, opened the remote fun function for domestic players.
#Updates

The Russian government has formed the final version of the list of Russian programs for installation on new mobile devices.
#International

🔵Linux outlook expose a new bug could crash the service and leak the password:

https://dailycve.com/linux-outlook-expose-new-bug-could-crash-service-and-leak-password

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is BuiltWith?

BuiltWith is a technology search or profiler.

It provides real-time target information to pentesters through the domain API and domain live API .

The domain API provides technical information such as analytics service, built-in plugins, frameworks, libraries, etc. to penetration testers.

The domain API relies on BuiltWith database to provide current and historical technology information about the target.

The Lookup pane retrieves the same information that the domain API provides.

On the other hand, the domain live API does extensive searches on a domain or URL.

It is possible to integrate both APIs into a security product to provide technical information to end users.

1) BuiltWith Domain API

The BuiltWith Domain API provides XML and JSON access to the technology information of a website which includes all technical information as found on detailed lookups at builtwith.com and additional meta data where available.

3) The general access method is as follows -
https://api.builtwith.com/v18/api.[xml|json]?KEY=[YOUR KEY]&LOOKUP=[DOMAIN]

4) Authentication
You must provide your API key in each lookup. See the examples for how this works.

Login or Create a Free Account to get your API key.

5) Client SDK
A Client SDK for C# is available at https://github.com/builtwith/BuiltWith-C-Client-API and can be installed via NuGet package 'BuiltWith'.

6) Get Domain Example
XML Get Single Domain
https://api.builtwith.com/v18/api.xml?KEY=[YOUR KEY]&LOOKUP=hotelscombined.com

7) JSON Get Single Domain
https://api.builtwith.com/v18/api.json?KEY=[YOUR KEY]&LOOKUP=builtwith.com

8)Get Multiple Domains Example
Provide multiple LOOKUP domains as a CSV (up to 16)
https://api.builtwith.com/v18/api.xml?KEY=[YOUR KEY]&LOOKUP=hotelscombined.com,builtwith.com

9) High Throughput Lookups
For ultra fast high performance API lookups use the following syntax.
https://api.builtwith.com/v18/api.json?KEY=[YOUR KEY]&HIDETEXT=yes&NOMETA=yes&NOPII=yes&NOLIVE=yes&NOATTR=yes&LOOKUP=site1.com,site2.com,site3.com,site4.com,site5.com,site6.com,site7.com,site8.com,site9.com,site10.com,site11.com,site12.com,site13.com,site14.com,site15.com,site16.com

10) 16 Root Domains or Subdomains Only Per Lookup - alphabetically random for performance improvements
Text, Meta, Attributes, Contacts all removed
Removes live lookup of results if not in our database
For even higher throughput contact us about dedicated endpoint solutions.

11) Get Specific Page Profile Example
Providing an internal URL or subdomain will get that specific page technology profile. Ensure you encode the LOOKUP parameter.
https://api.builtwith.com/v18/api.json?KEY=[YOUR KEY]&LOOKUP=hotelscombined.com%2FPlace%2FHawaii.htm


Reference: https://api.builtwith.com/domain-api
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵Digisol Systems DG-HR3400 cross-site scripting vulnerability:

https://dailycve.com/digisol-systems-dg-hr3400-cross-site-scripting-vulnerability